isync has asked for the wisdom of the Perl Monks concerning the following question:

Any quick hints what I am overseeing here?

In my script the HTTP header 'Authorization' seems to get catched by something previous to my script. I am running under Apache/CGI.pm.

Dumping the %ENV environment does show a wrong spelled 'Buthorization' test header, while the 'Authorization' header is silently removed from %ENV earlier in the "execution chain", previous to my script.

First I though it was Apache, but disabling the mod_auth_basic and mod_auth_digest modules didn't let the header slip through. Further CGI.pm's $q->remote_user equally remains empty on a fake header like "Authorization: basic SADSADSASAD=="

Anyone?
  • Comment on Authorization HTTP header isn't coming through - why?

Replies are listed 'Best First'.
Re: Authorization HTTP header isn't coming through - why?
by ikegami (Patriarch) on Aug 23, 2010 at 16:47 UTC
    The CGI spec calls for REMOTE_USER to be set to the authenticated user, which means the server should be handling authentication and thus the header.
[reply]
      Which means for me, I need to separate authentication into its own piece of code and call it from Apache as an AuthHandler, right.

      Thanks!
[reply]
        Or you could use form-based authentication.
[reply]
      I just realized: that also means my script is never able to get a grip on the username which is part of the wrapping authentication, right? Unleass I find a way to share (session) data among processes/scripts.
      How am I supposed to offer user-customized service then, if my script never gets access to HTTP Basic or Digest auth values??
[reply]
        It's available as $cgi->remote_user (which it gets from $ENV{REMOTE_USER}).
[reply]

Back to Seekers of Perl Wisdom